Cyberattack News Roundup September 2019

When it comes to cyberattack news, it often feels like we still only see the tip of the iceberg. Despite the pervasive threats, it also seems that many businesses do not take network security seriously. A new report compiled by RiskBased Security appears to confirm those fears.

However, perhaps the most alarming finding from the RiskBased Security report is that the majority of breaches exposed 10,000 or fewer records. In other words, no target is too small to get attacked. It’s all about the data.

Now for this week’s roundup of cyberattack news from across the United States. We start with one of the most disturbing public institution attacks in recent memory.

U.S. CYBERATTACK NEWS (Aug. 15-31, 2019)

The Texas state government got rocked by a coordinated ransomware attack on at least 20 separate departments and entities. For security reasons, Texas did not release a full list of affected departments. Texas Department of Information Resources, Texas Military Department, and the Texas A&M University System’s Cyberresponse and Security Operations Center teams are all assisting in the recovery effort.

Meanwhile, ZDNet reported that the ransomware virus used in the attack is named Sodinokibi. Experts expect to see more of these types of “simultaneous attacks,” since hackers tend to copy each other.

Suprema, a self-described “global powerhouse in biometrics, security and identity solutions,” suffered a significant data breach to their biometric database. The cyberattack exposed facial recognition records and fingerprints, as well as personal information on the Suprema staff. Over 5,700 organizations in 83 countries work with Suprema, and the attack likely affected millions of people across the globe. In a shocking oversight for a security company, Suprema left highly sensitive data unencrypted.

The network of Ohev Shalom, a synagogue in Maitland, Florida, got infected with ransomware in a targeted cyberattack. According to Ohev Shalom board president Steven Hornick, the attack involved a “new” type of ransomware. Word documents and Excel spreadsheets got encrypted and held for ransom, but the personal information of Ohev Shalom members did not get accessed.

Delta Air Lines filed a lawsuit against third-party vendor 24/7 for its role in a 2017 data breach. According to the lawsuit, 24/7 got contracted to create a chat platform for the Delta website. Due to “inadequate authentication measures,” a hacker accessed the Delta networks and modified the chat services software to scrape the credit card information of over 800,000 users. The suit claims that 24/7 knew about the incident for five months before notifying some Delta employees through LinkedIn messages.

A third party accessed an employee email account from Virginia Gay Hospital in Vinton, Iowa, potentially compromising patient information. The 25-bed hospital suffered a “data security incident” on June 18. Some of the exposed information includes names, dates of birth, Social Security numbers and medical information. Virginia Gay sent out notification letters to affected parties, and also established a call center to answer patient questions.

Phoenix-based broadband communications provider Cable One experienced a breach when an unauthorized person gained access to 14 employee email accounts. The attacker had access to the personal information of current and former employees, as well as their family members. Exposed PII likely includes names, addresses, Social Security numbers, financial account numbers, digital signatures and health insurance information.

Rockville, Maryland-based hotel chain Choice Hotels recently started contacting customers about a data breach involving roughly 700,00 records. This breach is related to a third-party vendor that copied and moved Choice Hotels data to their server. Choice Hotels ended its relationship with the vendors, but guest information likely got exposed in the breach. The hotel industry is becoming a prime target for hackers because of the amount of information they hold on customers.

Stevens Institute of Technology in Hoboken, New Jersey, is racing to fix computer and network issues before the start of the school year. The attack occurred on Aug. 8, and the school’s IT department shut down the entire system as a precaution. While the school’s wireless network remains down, summer school exams got postponed, and the deadline for tuition payments got expanded.

A cyberattack forced the school district in Nampa, the third most populated city in Idaho, to shut down all network services. The attack targeted Windows applications, and the school district is working with Microsoft to figure out the scope and origin of the attack. However, teachers remain unable to access any online curriculum during the recovery effort.

Embattled movie ticket subscription service MoviePass left tens of thousands of customer card numbers and personal credit cards exposed and unencrypted. A security researcher at SpiderSilk discovered the vulnerable database, which contained 161 million records, including some sensitive user information. At least 58,000 of the exposed records included debit or credit card data.

Hackers stole the personal information of 9,900 patients who participated in research studies at Massachusetts General Hospital. The hospital is working with federal law enforcement and notifying patients affected by the June data breach. Compromised data includes names, birthdates, genders, races, ethnicities and health care data.

In July, a Long Island school district got hacked with the Ryuk ransomware virus. The virus encrypted files on the server of this 3,500-student district, rendering the data inaccessible. Rock Centre paid nearly $100,000 to get a decryption key, with the district’s cyber insurance policy mostly covering the payout.

If you thought that only public schools show up in a cyberattack news story, think again. Regis University, a private Catholic school in Denver, got hit with a cyberattack that likely originated from outside America. The school shut down computer, phone and email systems after first detecting trouble, and they also notified law enforcement. Meanwhile, this show-stopping shutdown comes just as the school’s fall semester is about to begin.

KrebsOnSecurity found over 5.3 million credit and debit cards from the Hy-Vee data breach for sale on the “dark web.” Iowa-based supermarket chain Hy-Vee, which owns over 245 stores across the Midwest, disclosed a possible data breach on Aug. 14. The breach mostly affected transactions on gas pumps at Hy-Vee gas stations, as well as drive-thru coffee shops and some in-store restaurants. However, the stolen information relates to accounts from 35 different states.

Impacted courthouses in Georgia continue to recover from a June cyberattack that infiltrated the state judicial system’s network. The attack originated from outside the United States and used a ransomware known as Defray777. It targeted a management system used by 30 Magistrate Courts, 23 Municipal Courts and 17 Probate Courts.

Affected courts cannot access criminal cases and traffic citations, marking a temporary return to paper records. Meanwhile, courts continue to reschedule dates and negotiate with private vendors for a new management system. An estimated 12,000 manpower hours have been used to reenter the lost data. Meanwhile, Gov. Brian Kemp already ordered twice-a-year cyber security training for all state employees.

An unnamed third party alerted security vendor Imperva, a “leading provider of internet firewall services,” about a data breach of their cloud firewall product. Information left exposed by the California-based company included email addresses, hashed passwords, API keys and SSL certificates. Imperva was acquired earlier this year by private equity firm Thoma Bravo for $2.1 billion.

Daniel Barnes is the Digital Content Manager at Capital Network Solutions, and he also writes about IT issues for the CNS blog. Born and raised in Sacramento, Daniel graduated from California State University, Sacramento with a degree in Journalism. He has been writing for print and online publications for the last twenty years. His work has appeared in The Sacramento Bee, Sacramento News & Review, Comstock’s Magazine, Sacramento Magazine, East Bay Express and many more. In his free time, Daniel co-hosts the Dare Daniel Podcast.

Categories

About Us

Capital Network Solutions, Inc. (CNS) is the premier Northern California network services and consulting company. Established in 1989, we have supported hundreds of clients in the technology arena at an affordable rate.